Software Update Security for Humans: A gentle introduction
Christopher Gervais (ergonlogic)
The Update Framework (TUF) is a standard being adopted across the open web, as a collaboration between open source projects to improve supply chain security. Learn about how this collaboration came to be, what TUF is, and why it was chosen to support Drupal's Automatic Updates initiative.
Prerequisite
None. This is introductory-level, using real-world examples to explain fundamental security concepts.
Outline
1. Software Supply Chains: What are they, and how do they present a vulnerability to Drupal sites?
2. Automatic Updates Initiative & The Update Framework (TUF): How can smaller Drupal sites be kept secure, thereby reducing barriers for more diverse organizations to adopt Drupal?
3. Validating Signatures & Documents: Introducing real-world examples (i.e. cheques, contracts & notaries).
4. Digital Signatures: A simplified explanation of asymmetric key-pairs and how they can be used.
5. Software Package Updates: Basics of Drupal/Composer workflows, and where they can be vulnerable to attack.
6. Signing & Verifying Packages: Show how TUF allows Automatic Updates to ensure that newer versions of modules haven't been tampered with.
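As an added illustration of item 6 (not code from this session, from Drupal's Automatic Updates, nor from TUF's reference implementation), the Go program below models the core check a TUF-style client performs before installing a package: the publisher signs "targets" metadata that pins each package file to a length and SHA-256 digest, and the client refuses the download unless the signature, expiry, version (no rollback) and digest all match. The metadata layout, field names and single Ed25519 targets key are simplified assumptions, not the real TUF format.

```go
package main
import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)
// TargetInfo pins a package file to a length and SHA-256 digest; TargetsMeta
// is a simplified, assumed stand-in for TUF "targets" metadata.
type TargetInfo struct {
	Length int    `json:"length"`
	SHA256 string `json:"sha256"`
}
type TargetsMeta struct {
	Version int                   `json:"version"`
	Expires time.Time             `json:"expires"`
	Targets map[string]TargetInfo `json:"targets"`
}

func NewTargetInfo(pkg []byte) TargetInfo { // publisher records; client reproduces
	sum := sha256.Sum256(pkg)
	return TargetInfo{Length: len(pkg), SHA256: hex.EncodeToString(sum[:])}
}

// SignMeta is the publisher side: serialise the metadata and sign the bytes.
func SignMeta(priv ed25519.PrivateKey, m TargetsMeta) (signed, sig []byte) {
	signed, _ = json.Marshal(m) // plain struct of scalars and a map: cannot fail
	return signed, ed25519.Sign(priv, signed)
}

// VerifyPackage is the client side: accept pkg only if the signature, expiry,
// version (no rollback below trustedVersion), length and hash all check out.
func VerifyPackage(pub ed25519.PublicKey, signed, sig []byte, trustedVersion int, now time.Time, name string, pkg []byte) error {
	var m TargetsMeta
	if !ed25519.Verify(pub, signed, sig) || json.Unmarshal(signed, &m) != nil {
		return fmt.Errorf("targets metadata is not validly signed or not parseable")
	}
	if now.After(m.Expires) {
		return fmt.Errorf("metadata expired at %s (freeze attack?)", m.Expires)
	}
	if m.Version < trustedVersion {
		return fmt.Errorf("rollback: version %d < trusted %d", m.Version, trustedVersion)
	}
	if want, ok := m.Targets[name]; !ok || NewTargetInfo(pkg) != want {
		return fmt.Errorf("%s missing from targets or differs from signed length/hash", name)
	}
	return nil
}
```

A single flipped byte in the archive, an older metadata version, expired metadata or a signature under a different key each cause VerifyPackage to return an error, which is the property Automatic Updates relies on.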
Learning Objectives
- Learn fundamental security concepts by grounding them in real-world examples.
- Learn the basics of keeping Drupal sites secure.
- Learn how TUF and Automatic Updates will make that easier.
Experience level
Beginner